Due to the recent increase in cyber security attacks that have led to several high-profile breaches and loss of consumer data, New York State Department of Financial Services has established a requirement under 23 NYCRR 500 – Cyber Security Requirements for Financial Services Companies.

NYDFS Part 500 goal is to establish certain regulatory minimum standards to ensure financial services companies design, implement and maintain a cyber security program that is relevant to the company and aligned with its technological advances.

On the other hand, FFIEC has developed a Cyber Security Assessment Tool that can be mapped to NIST framework with prescriptive guidelines for evaluating security controls across the organization.

These regulations do not prescribe a specify framework but requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion. It also requires senior management to be responsible for the organization’s overall cyber security program and file an annual certification report confirming compliance with these regulations.

SYSUSA security and compliance Subject Matter Experts (SME’s) can help you ensure compliance with the requirements of NYDFS Part 500 and FFIEC Controls Assessment and establish a comprehensive and consolidated Cyber Security Risk Assessment Framework (CSRAF) to assess the state of current cyber security program, identify risk and prioritize a baseline of relevant business risks and cyber threats.